ToT glibc build problem with ToT GCC

Thu Aug 29 23:03:00 GMT 2019

On 8/29/19 1:53 PM, Martin Sebor wrote:
> On 8/29/19 1:17 PM, Carlos O'Donell wrote:
>> On 8/29/19 2:36 PM, Martin Sebor wrote:
>>> On 8/29/19 11:54 AM, Carlos O'Donell wrote:
>>>> On 8/29/19 1:28 PM, Martin Sebor wrote:
>>>>> AÂ longerÂ termÂ solutionÂ isÂ toÂ replaceÂ theÂ arrayÂ withÂ aÂ suitably
>>>>> alignedÂ charÂ bufferÂ andÂ writeÂ theÂ dataÂ intoÂ it,Â e.g.,Â likeÂ this:
>>>>>
>>>>> Â Â Â Â unionÂ {
>>>>> Â Â Â Â Â Â structÂ charseqÂ replace[2];
>>>>> Â Â Â Â Â Â charÂ buf[sizeofÂ (structÂ charseq)Â *Â 2];
>>>>> Â Â Â Â }Â u;
>>>>>
>>>>> Â Â Â Â u.replace[0].nbytesÂ =Â 1;
>>>>> Â Â Â Â constÂ charÂ s[]Â =Â "?";
>>>>> Â Â Â Â memcpyÂ (u.bufÂ +Â offsetofÂ (structÂ charseq,Â bytes),Â "?",Â 2);
>>>>>
>>>>> ThisÂ isÂ stillÂ iffyÂ butÂ itÂ won'tÂ triggerÂ anÂ out-of-boundsÂ warning.
>>>>> ThisÂ codeÂ shouldÂ stillÂ beÂ flaggedÂ forÂ theÂ declarationÂ ofÂ anÂ object
>>>>> withÂ anÂ internalÂ zero-lengthÂ array,Â soÂ thatÂ willÂ needÂ toÂ beÂ dealt
>>>>> withÂ whenÂ suchÂ aÂ warningÂ isÂ introducedÂ (e.g.,Â byÂ suppressing
>>>>> theÂ warning).
>>>>
>>>> Why is this iffy? This is the kind of solution I was thinking of using.
>>>>
>>>> The alternative is an entirely new type that has a non-zero-length
>>>> array that can be used for static object allocation like this, but then
>>>> you need to cast between them in a safe way?
>>>
>>> It's iffy because of the interior zero-length array.
>>>
>>> GCC accepts zero-length array members anywhere but it doesn't
>>> always avoid assuming their elements don't overlap other members.
>>> Some other compilers don't allow zero-length arrays in definitions
>>> where they're followed by another member or element of a larger
>>> array.Â  I'd like to see GCC warn for such uses because of
>>> the overlapping problem.
>>>
>>> Martin
>>>
>>> PS For example, GCC folds the test below to false.Â  Clang does
>>> the same with slightly different test cases.
>>>
>>> Â Â  struct charseq replace[2];
>>>
>>> Â Â  void f (int i)
>>> Â Â  {
>>> Â Â Â Â  int x = *replace[1].name;
>>>
>>> Â Â Â Â  replace[0].bytes[i] = 0;
>>>
>>> Â Â Â Â  if (x != *replace[1].name)
>>> Â Â Â Â Â Â  __builtin_abort ();
>>> Â Â  }
>>
>> This static allocation is rare, it's the only one.
>>
>> Is there a viable solution for a static allocation of a structure
>> that ends in a VLA?
> 
> The static allocation isn't necessarily a problem.Â  Defining arrays
> or members of structures with flexible array members (or zero-length
> arrays) in a way that allows overlapping is.
> 
> The only viable alternative I can think of is to define replace as
> a char buffer:
> 
> Â  static _Alignas (struct charseq)
> Â  unsigned char replace[sizeof (struct charseq[2])];
> 
> Â  memcpy (replace + offsetof (struct charseq, nbytes),
> Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â  (int[]){ 1 }, sizeof (int));
> 
> Â  memcpy (replace + offsetof (struct charseq, bytes), "?", 2);
> 
> This isn't pretty but it's close to strictly conforming.Â  The only
> non-conforming part other than the zero-length member is that (if)
> the char array is later accessed as struct charseq.Â  But that's so
> pervasive that it might as well be in the standard.
Couldn't we just drop the whole static initialization and do something like

  static struct charseq *replace = NULL;

  if (!replace)
    replace = malloc (sizeof (struct charseq) + 2);

It leaks the chunk of memory though.

jeff
> 
> Martin